Error handling `serviceAccountId` attribute when assigning `stellio-creator` role in Keycloak

[dr-yst]

I am following the Stellio Context Broker tutorial to integrate with Keycloak. I was able to create a client in Keycloak successfully, but when I tried to assign the stellio-creator role to the service account of the client, I encountered an issue. Stellio logs indicate that the serviceAccountId attribute is not recognized.

Here is the Stellio's log.

stellio-search-service        |  2024-08-25 23:28:55,741 [ntainer#0-0-C-1] DEBUG c.e.stellio.search.listener.IAMListener  - processIam - Received IAM event: {"tenantName":"urn:ngsi-ld:tenant:default","operationType":"ENTITY_CREATE","entityId":"urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b","entityTypes":["Client"],"operationPayload":"{\"id\":\"urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b\",\"type\":\"Client\",\"clientId\":{\"type\":\"Property\",\"value\":\"test-client\"}}","contexts":["https://easy-global-market.github.io/ngsild-api-data-models/authorization/jsonld-contexts/authorization.jsonld","https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context-v1.7.jsonld"]}
stellio-search-service        |  2024-08-25 23:28:55,832 [atcher-worker-2] DEBUG c.e.stellio.search.listener.IAMListener  - invoke - Successfully handled event ENTITY_CREATE for resource urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b
stellio-search-service        |  2024-08-25 23:29:04,200 [ntainer#0-0-C-1] DEBUG c.e.stellio.search.listener.IAMListener  - processIam - Received IAM event: {"tenantName":"urn:ngsi-ld:tenant:default","operationType":"ATTRIBUTE_APPEND","entityId":"urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b","entityTypes":["Client"],"attributeName":"roles","operationPayload":"{\"type\":\"Property\",\"value\":[\"stellio-creator\"]}","updatedEntity":"","contexts":["https://easy-global-market.github.io/ngsild-api-data-models/authorization/jsonld-contexts/authorization.jsonld","https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context-v1.7.jsonld"]}
stellio-search-service        |  2024-08-25 23:29:04,202 [ntainer#0-0-C-1] DEBUG c.e.stellio.search.listener.IAMListener  - processIam - Received IAM event: {"tenantName":"urn:ngsi-ld:tenant:default","operationType":"ATTRIBUTE_APPEND","entityId":"urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b","entityTypes":["Client"],"attributeName":"serviceAccountId","operationPayload":"{\"type\":\"Property\",\"value\":\"urn:ngsi-ld:User:6c25546d-4917-4cd2-88ee-71ba2f1a474d\"}","updatedEntity":"","contexts":["https://easy-global-market.github.io/ngsild-api-data-models/authorization/jsonld-contexts/authorization.jsonld","https://uri.etsi.org/ngsi-ld/v1/ngsi-ld-core-context-v1.7.jsonld"]}
stellio-search-service        |  2024-08-25 23:29:04,204 [atcher-worker-1] ERROR c.e.stellio.search.listener.IAMListener  - invoke - Error while handling event ATTRIBUTE_APPEND for resource urn:ngsi-ld:Client:8c78c950-98d9-431f-9600-02804221901b: BadRequestDataException(message=Received unknown attribute name: serviceAccountId)

Could you please confirm if the authentication method described in the tutorial is out-of-date? If so, could you provide guidance on the updated authentication setup?

[dr-yst]

I think the above comments are spam.

[bobeal]

Indeed, we did a few changes with respect to Keycloak integration very recently that may have broken the tutorial, I gonna check it.

PS: are you using the last release of Stellio?

[bobeal]

Thinking about it, it may be because the tutorial is still referencing the previous Keycloak version (23.0.6) and not the current one (25.0.2)

[dr-yst]

Indeed, we did a few changes with respect to Keycloak integration very recently that may have broken the tutorial, I gonna check it.

PS: are you using the last release of Stellio?

Yes, I'm using the latest version of Stellio.

[dr-yst]

Thinking about it, it may be because the tutorial is still referencing the previous Keycloak version (23.0.6) and not the current one (25.0.2)

Well, I have noticed that the Keycloak version in the tutorial is old and there is a newer version in the docker hub. I also tried the newer version but encountered the following error, so I have quit using the latest version of Keycloak.

keycloak  | 04:58:03,783 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1

If you already have the documentation to make it compatible with the latest Keycloak, I would like to know.

[bobeal]

Thinking about it, it may be because the tutorial is still referencing the previous Keycloak version (23.0.6) and not the current one (25.0.2)

Well, I have noticed that the Keycloak version in the tutorial is old and there is a newer version in the docker hub. I also tried the newer version but encountered the following error, so I have quit using the latest version of Keycloak.

keycloak  | 04:58:03,783 FATAL [org.jboss.as.server] (main) WFLYSRV0239: Aborting with exit code 1

If you already have the documentation to make it compatible with the latest Keycloak, I would like to know.

I'll check this tomorrow morning.

[bobeal]

I fixed a few things in the documentation and validated it locally, it should be OK now.

[dr-yst]

@bobeal Thank you so much for your help! The problem has been resolved.

To remove an old database and make it work properly, I had to do docker compose down -v for Keycloak.

Now both Stellio and Keycloak are working with their latest versions.

[bobeal]

Good to hear that. Closing this issue then.